This is an automated email from the ASF dual-hosted git repository. villebro pushed a commit to tag 0.37.1rc1 in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
commit a72903cb929c55642b22895dc11999495605a6fe Author: Daniel Vaz Gaspar <[email protected]> AuthorDate: Fri Sep 4 16:37:14 2020 +0100 security: disallow uuid package on jinja1 (#10794) * fix: disallow uuid package on jinja2 * update UPDATING.md * Update UPDATING.md Co-authored-by: Ville Brofeldt <[email protected]> Co-authored-by: Ville Brofeldt <[email protected]> --- UPDATING.md | 4 ++++ docs/sqllab.rst | 5 ++++- setup.cfg | 2 +- superset/extensions.py | 5 ++++- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/UPDATING.md b/UPDATING.md index 3755694..2a6dcb8 100644 --- a/UPDATING.md +++ b/UPDATING.md @@ -21,6 +21,10 @@ under the License. This file documents any backwards-incompatible changes in Superset and assists people when migrating to a new version. +## 0.37.1 + +* [10794](https://github.com/apache/incubator-superset/pull/10794): Breaking change: `uuid` python package is not supported on Jinja2 anymore, only uuid functions are exposed eg: `uuid1`, `uuid3`, `uuid4`, `uuid5`. + ## 0.37.0 * [9964](https://github.com/apache/incubator-superset/pull/9964): Breaking change on Flask-AppBuilder 3. If you're using OAuth, find out what needs to be changed [here](https://github.com/dpgaspar/Flask-AppBuilder/blob/master/README.rst#change-log). diff --git a/docs/sqllab.rst b/docs/sqllab.rst index b582c53..27711cb 100644 --- a/docs/sqllab.rst +++ b/docs/sqllab.rst @@ -73,7 +73,10 @@ Superset's Jinja context: - ``time``: ``time`` - ``datetime``: ``datetime.datetime`` -- ``uuid``: ``uuid`` +- ``uuid1``: ``uuid1`` +- ``uuid3``: ``uuid3`` +- ``uuid4``: ``uuid4`` +- ``uuid5``: ``uuid5`` - ``random``: ``random`` - ``relativedelta``: ``dateutil.relativedelta.relativedelta`` diff --git a/setup.cfg b/setup.cfg index c126a4a..e8505c9 100644 --- a/setup.cfg +++ b/setup.cfg @@ -38,7 +38,7 @@ combine_as_imports = true include_trailing_comma = true line_length = 88 known_first_party = superset -known_third_party =alembic,apispec,backoff,bleach,cachelib,celery,click,colorama,contextlib2,croniter,cryptography,dataclasses,dateutil,flask,flask_appbuilder,flask_babel,flask_caching,flask_compress,flask_login,flask_migrate,flask_sqlalchemy,flask_talisman,flask_testing,flask_wtf,geohash,geopy,humanize,isodate,jinja2,markdown,markupsafe,marshmallow,msgpack,numpy,pandas,parameterized,parsedatetime,pathlib2,polyline,prison,pyarrow,pyhive,pytest,pytz,retry,selenium,setuptools,simplejson,sl [...] +known_third_party =alembic,apispec,backoff,bleach,cachelib,celery,click,colorama,contextlib2,croniter,cryptography,dateutil,flask,flask_appbuilder,flask_babel,flask_caching,flask_compress,flask_login,flask_migrate,flask_sqlalchemy,flask_talisman,flask_testing,flask_wtf,geohash,geopy,humanize,isodate,jinja2,markdown,markupsafe,marshmallow,msgpack,numpy,pandas,parameterized,parsedatetime,pathlib2,polyline,prison,pyarrow,pyhive,pytest,pytz,retry,selenium,setuptools,simplejson,slack,sphinx_r [...] multi_line_output = 3 order_by_type = false diff --git a/superset/extensions.py b/superset/extensions.py index a0dad81..2a35166 100644 --- a/superset/extensions.py +++ b/superset/extensions.py @@ -48,7 +48,10 @@ class JinjaContextManager: "relativedelta": relativedelta, "time": time, "timedelta": timedelta, - "uuid": uuid, + "uuid1": uuid.uuid1, + "uuid3": uuid.uuid3, + "uuid4": uuid.uuid4, + "uuid5": uuid.uuid5, } self._template_processors: Dict[str, Type["BaseTemplateProcessor"]] = {}
